-
Looking at e.g. https://github.com/csaf-poc/csaf_distribution/blob/main/csaf/generate_cvss_enums.go, this will generate another file using the MIT License. Should generated files also use the Apache2.…
-
Currently, we use the standard go-http-lib user agent. However, to be able to better track the usage of the tool, we should use our own user-agent string, e.g., `" "`.
-
Currently, we can only check the conformance of a single PMD on a provider. When https://github.com/csaf-poc/csaf_distribution/pull/536 is implemented, we can use the new `Enumerate` function in the m…
-
We [currently support](https://docs.chainloop.dev/reference/operator/contract#material-schema) CSAF_VEX. This task aims to add support for [other profiles](https://docs.oasis-open.org/csaf/csaf/v2.0/c…
-
### Description
CSAF, or Common Security Advisory Framework, is a standardized format for documenting and sharing security advisories and vulnerabilities in an automated way. It provides a structured…
-
On a few code platforms, only one License is shown. This makes sense if the License that can be displayed is the one where all code parts under different licenses are combined and compatible.
For e…
-
To make debugging easier we should show some build information in the client. Therefore, we want to show a build number of the client (#19) and the backend (#20) in the client. One possible place to d…
-
* [x] change files new with isduba to `SPDX-License-Identifier: Apache-2.0`
* [x] licensing section on the front page, much like the csaf_distribution section, but give the copyright holder.
* …
-
In the aggregator schema, we have a typo:
https://github.com/oasis-tcs/csaf/blob/5757eeb192f30dbf1752d15365e335c3408ce4df/csaf_2.0/json_schema/aggregator_json_schema.json#L178
lists `mirror` as …
-
Normally we'd chat about this in a monthly meeting but since I'm intending to cancel the one for December I figured I'd bring the discussion here.
The question is: What's on your cve-bin-tool wishl…